authorJung-uk Kim <jkim@FreeBSD.org>2015-01-08 22:40:39 +0000
committerJung-uk Kim <jkim@FreeBSD.org>2015-01-08 22:40:39 +0000
commitc6485458b37e3f0f5d1c69c0452e4551ac3b1824 (patch)
treec2b36ecba3cb850d324786e97809c541cb5c2d5a /ssl/ssl_sess.c
parent58ab7656b2c140e06d60a7831a9f5b6e1ddc2fe5 (diff)
Import OpenSSL 1.0.1k.vendor/openssl/1.0.1k
Notes
Notes: svn path=/vendor-crypto/openssl/dist/; revision=276856 svn path=/vendor-crypto/openssl/1.0.1k/; revision=276858; tag=vendor/openssl/1.0.1k
Diffstat (limited to 'ssl/ssl_sess.c')
-rw-r--r--ssl/ssl_sess.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
index ad40fadd02cc..235f92d824cd 100644
--- a/ssl/ssl_sess.c
+++ b/ssl/ssl_sess.c
@@ -335,7 +335,21 @@ int ssl_get_new_session(SSL *s, int session)
return(0);
}
#ifndef OPENSSL_NO_TLSEXT
- /* If RFC4507 ticket use empty session ID */
+ /*
+ * If RFC5077 ticket, use empty session ID (as server).
+ * Note that:
+ * (a) ssl_get_prev_session() does lookahead into the
+ * ClientHello extensions to find the session ticket.
+ * When ssl_get_prev_session() fails, s3_srvr.c calls
+ * ssl_get_new_session() in ssl3_get_client_hello().
+ * At that point, it has not yet parsed the extensions,
+ * however, because of the lookahead, it already knows
+ * whether a ticket is expected or not.
+ *
+ * (b) s3_clnt.c calls ssl_get_new_session() before parsing
+ * ServerHello extensions, and before recording the session
+ * ID received from the server, so this block is a noop.
+ */
if (s->tlsext_ticket_expected)
{
ss->session_id_length = 0;
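Review bot: The expanded comment above `if (s->tlsext_ticket_expected)` justifies the branch through call ordering in s3_srvr.c and s3_clnt.c, but never states the invariant the branch actually tests, which is the value of `tlsext_ticket_expected` on entry. Point (b) calls the block a noop on the client without giving the reason; if the reason is that the flag is still clear at that point (not visible in this hunk, so this is an inference), the last line should say so, e.g. `* ID received from the server, so this block is a noop because tlsext_ticket_expected is still 0.` Naming the precondition matters because this branch decides whether the new session gets an empty session ID, so a flag value left over from an earlier handshake would be hard to notice from the comment as written. ssl_get_new_session() begins and ends outside the hunk, so where the flag is reset cannot be confirmed from here.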